CVE-2024-10026

Published: Jan 30, 2025

Modified: Feb 24, 2025

PUBLISHED

Description

A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.

Vendor	Product	Versions
Google	gVisor	unaffected `Release 20241028.0`

Weaknesses (CWE)

CWE-328

CWE-339

References

https://github.com/google/gvisor/commit/f956b5ac17ae1f60a4d21999b59ba18c55f86d56

https://github.com/google/gvisor/commit/e54bfde79278cafadedbf73c68ee10cb5982f2af

https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2

https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-10026

Description

Affected Products

Weaknesses (CWE)

References